Securing Endpoints without a Security Expert

How to Protect Your Business from Malware, Phishing, and Cybercrime
The SMB Security Series
Securing Endpoints without a Security Expert
sponsored by

Introduction to Realtime Publishers

by Don Jones, Series Editor

For several years now, Realtime has produced dozens and dozens of high quality books that just happen to be delivered in electronic format at no cost to you, the reader. We've made this unique publishing model work through the generous support and cooperation of our sponsors, who agree to bear each book's production expenses for the benefit of our readers.

Although we've always offered our publications to you for free, don't think for a moment that quality is anything less than our top priority. My job is to make sure that our books are as good as, and in most cases better than, any printed book that would cost you $40 or more. Our electronic publishing model offers several advantages over printed books: You receive chapters literally as fast as our authors produce them (hence the "realtime" aspect of our model), and we can update chapters to reflect the latest changes in technology.

I want to point out that our books are by no means paid advertisements or white papers. We're an independent publishing company, and an important aspect of my job is to make sure that our authors are free to voice their expertise and opinions without reservation or restriction. We maintain complete editorial control of our publications, and I'm proud that we've produced so many quality books over the past years.

I want to extend an invitation to visit us at especially if you've received this publication from a friend or colleague. We have a wide variety of additional books on a range of topics, and you're sure to find something that's of interest to you, and it won't cost you a thing. We hope you'll continue to come to Realtime for your educational needs far into the future.

Until then, enjoy.

Don Jones

Copyright Statement

2011 Realtime Publishers. All rights reserved. This site contains materials that have been created, developed, or commissioned by, and published with the permission of, Realtime Publishers (the "Materials") and this site and any such Materials are protected by international copyright and trademark laws.

THE MATERIALS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice and do not represent a commitment on the part of Realtime Publishers or its web site sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for technical or editorial errors or omissions contained in the Materials, including without limitation, for any direct, indirect, incidental, special, exemplary or consequential damages whatsoever resulting from the use of any information contained in the Materials.

The Materials (including but not limited to the text, images, audio, and/or video) may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, in whole or in part, except that one copy may be downloaded for your personal, noncommercial use on a single computer. In connection with such use, you may not modify or obscure any copyright or other proprietary notice.

The Materials may contain trademarks, services marks and logos that are the property of third parties. You are not permitted to use these trademarks, services marks or logos without prior written consent of such third parties. Realtime Publishers and the Realtime Publishers logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners.

If you have any questions about these terms, or if you would like information about licensing materials from Realtime Publishers, please contact us via email at

Securing Endpoints Without a Security Expert

Businesses have to protect their endpoint devices from a wide range of security threats. Fortunately, we do not have to be specialized security experts to get the job done if we understand some of the fundamental issues of securing our business systems. In this, the second article in the SMB Security Series: How to Protect Your Business from Malware, Phishing, and Cybercrime, we examine how to implement and maintain endpoint security with particular emphasis on:

- The changing landscape of endpoint devices
- Core requirements for endpoint security
- Management requirements for maintaining endpoint security

By considering both the technical and management issues related to endpoint security, we can better understand how to mitigate the information security risks facing most businesses.

Changing Landscape of Endpoint Devices

When business information technology began decades ago, IT professionals worked with single, monolithic mainframe computers, dedicated terminals for interacting with the computer, and centralized storage systems dedicated to the needs of one system. Today's IT environment is radically different. A typical IT department in today's business is responsible for managing a highly distributed set of computers, network devices, and storage arrays. There are different types of devices, ranging from small handhelds to large clusters of servers. In spite of the many differences in these devices, there is a common need for security controls on all of them. An inventory of the various types of devices found in today's businesses includes:

- Desktop computers, which are typically used by a single individual and directly connected to a company's network.
- Laptop computers, which again are typically used by a single individual but are sometimes directly connected to the company network and are other times used remotely.
- Mobile devices, such as smart phones and tablet devices, which provide constant remote access to business services, such as email and calendar applications.
- Servers, which are often housed in a data center and provide shared services to the company, including email, Web hosting, file sharing, databases, and other enterprise applications.
- Newly instrumented devices, such as point of sale terminals, specialized medical devices, automobiles, and other devices that can collect data from multiple places and send it to centralized servers for analysis and storage.

Despite the differences in these device types, they can all function together on an integrated network (see Figure 1).

Figure 1: Endpoints vary in function and characteristics, but they all function together on a company's network and require similar types of endpoint security controls.

In addition to the diversity in device types, IT professionals are faced with the increasing use of personally owned devices. It was not uncommon several years ago for employees to work from home using a home computer, but the level of use of personal devices has increased significantly with the availability of low cost mobile devices such as smart phones and tablet devices. The addition of consumer devices makes management more difficult. It is important to have policies in place that describe acceptable use of personal devices and define what security measures must be taken before a personal device is used to access company resources.

These policies should describe:

- Required antivirus software
- Limits on the kinds of operations that can be performed while connected to the corporate network
- Limits on the types of information that can be permanently stored or cached on a personal device

Regardless of whether a device is a company asset or a personal device, all endpoints should be protected with a core set of security controls.

Core Requirements for Endpoint Security

Endpoints should be protected by several types of security controls:

- Anti-malware
- Anti-spam
- Anti-phishing
- Firewall
- Endpoint encryption

Anti-malware programs should be installed on endpoints to detect, contain, and remove malicious software. This type of software has long been called "antivirus," but that name does not reflect the full range of malicious code these programs can detect. Anti-malware should be configured to scan incoming content, such as downloaded attachments, as well as data on storage devices on a regular basis.

Anti-spam software is essential to keep unwanted email from clogging users' inboxes, consuming storage, and wasting network bandwidth. To get a sense of just how bad the problem is, consider these statistics (Source: Email Statistics Report, The Radicati Group, Inc.):

- In the US, approximately 73% of all email messages are spam
- A midsize company of 1000 can spend approximately $3 million per year to deal with spam
- 1 message out of every 169 contains some type of malicious content
- 1 message out of every 242 is a phishing lure

Anti-phishing software is similar to anti-spam and anti-malware scanners in that it examines incoming traffic. Phishing lures sometimes contain links to malicious Web sites, so scanning messages for potentially harmful links is an important element of anti-phishing controls.

Firewalls are designed as gatekeepers to control the type of network traffic entering and leaving a device. Clearly, we need to block unwanted incoming traffic. Firewalls can be configured to block ports that are not needed. For example, most devices may block traffic on port 21, which is used, by convention, for FTP file transfers. Unless the device will use FTP, it is best to block traffic on that port to mitigate the risk of an attacker exploiting a weakness in FTP.

Outgoing traffic should also be controlled with firewalls. In particular, we should not assume that any traffic originating from one of our devices is trusted traffic. If an attacker were able to infect a computer with malicious software, that software may attempt to send information from the compromised device to an attacker-controlled server.

Valuable intellectual property or confidential information may reside on a number of devices in your business. These are all potential targets for a data breach. One way to mitigate the risk of data loss is to use endpoint encryption. With endpoint encryption, as long as an attacker does not have the decryption key, the information on the device is inaccessible.

The combination of anti-malware, anti-spam, anti-phishing, firewalls, and endpoint encryption creates a multi-layered set of defenses that complement each other. If an attacker is able to circumvent anti-phishing measures and lure a victim into downloading malicious content, the anti-malware software can detect it. If someone is able to install a remote control program, the firewall may block its communications with a command and control server. If a thief were able to steal a laptop, the confidential information on the device could be protected by encryption. In addition to these technical requirements, there are management issues one should consider for complete security.
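The two firewall points above (block inbound ports the device does not need, and do not trust outbound traffic by default) can be expressed as a small rule set. The following is an added example written for this article, not code from the article or from any firewall product: a first-match host policy model in which anything not explicitly allowed is dropped in both directions. The rule names, the 10.0.0.x and 203.0.113.x addresses, the ports and the sample flows are all constructed for illustration.

```python
"""Host-firewall policy model (added example; not from the article or a product).

Encodes the article's advice: inbound traffic on unneeded ports is blocked
(FTP on 21 is the article's example) and outbound traffic is not trusted by
default, so only explicitly allowed destinations may leave the device.  The
first matching rule decides; a flow matching no rule gets the per-direction
default.  All addresses, ports and sample flows are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Flow:
    direction: str  # "in" (to this device) or "out" (from this device)
    proto: str      # "tcp" or "udp"
    port: int       # destination port of the connection
    remote: str     # remote IP address as a string


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str                    # "allow" or "deny"
    proto: str = "any"
    port: Optional[int] = None     # None matches any port
    remote: Optional[str] = None   # None matches any remote address

    def matches(self, flow: Flow) -> bool:
        return (self.direction == flow.direction
                and self.proto in ("any", flow.proto)
                and self.port in (None, flow.port)
                and self.remote in (None, flow.remote))


# Default-deny in both directions: anything not listed is dropped.
DEFAULT_ACTION: Dict[str, str] = {"in": "deny", "out": "deny"}

# Constructed policy for a desktop endpoint (addresses are placeholders).
POLICY: List[Rule] = [
    Rule("in", "deny", "tcp", 21),                  # FTP is not used here: block it
    Rule("in", "allow", "tcp", 3389, "10.0.0.5"),   # remote support from one admin host only
    Rule("out", "allow", "udp", 53, "10.0.0.53"),   # the company DNS resolver only
    Rule("out", "allow", "tcp", 443),               # HTTPS to anywhere
    Rule("out", "allow", "tcp", 25, "10.0.0.10"),   # mail only via the company relay
]


def decide(flow: Flow, policy: List[Rule] = POLICY) -> str:
    """Return 'allow' or 'deny' for one flow: the first matching rule wins."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action
    return DEFAULT_ACTION[flow.direction]


def open_inbound_rules(policy: List[Rule] = POLICY) -> List[Rule]:
    """Audit check: inbound allow rules that are not restricted to a specific
    remote address, i.e. services exposed to every host on the network."""
    return [r for r in policy
            if r.direction == "in" and r.action == "allow" and r.remote is None]


# Constructed sample flows: an FTP probe, a support session, an RDP attempt
# from an unknown host, normal web traffic, and a compromised device trying
# to reach an outside server on an unexpected port.
SAMPLE_FLOWS = [
    Flow("in", "tcp", 21, "203.0.113.9"),
    Flow("in", "tcp", 3389, "10.0.0.5"),
    Flow("in", "tcp", 3389, "203.0.113.9"),
    Flow("out", "tcp", 443, "198.51.100.20"),
    Flow("out", "tcp", 4444, "203.0.113.9"),
]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.direction:>3} {f.proto}/{f.port:<5} {f.remote:<15} -> {decide(f)}")
    print("inbound allows open to any remote:", open_inbound_rules())
```

The last sample flow is the case the article warns about: traffic leaving the device is not trusted just because it originates there, so the outbound default of deny stops it even though no rule names port 4444. The audit helper is the check a practitioner would run when reviewing a policy: any inbound allow without a remote restriction deserves a second look.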
Management Requirements

Security software should be deployed on all endpoint devices, so ease of installation and maintenance is a key requirement. Once the software is installed, it should be configured to automatically update. As noted in the first article in this series, anti-malware vendors are detecting tens of thousands of new forms of malware every day. Trying to keep all endpoint devices up to date manually would be a poor use of staff time and would likely lead to mistakes that leave devices more vulnerable than they otherwise would be.

Anti-malware and other endpoint security controls should be configured to generate alerts for users and systems administrators when specific types of events occur, such as when malicious content is found in an email message. These applications should also keep a log of significant events. This can be valuable information for analyzing a security breach as well as for understanding overall trends and patterns affecting endpoint devices, assuming proper security management reporting is in place. Anti-malware programs should support on-demand scanning and should work with removable as well as fixed storage devices.
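To make the alerting and logging advice concrete, here is an added example, written for this article and not taken from it or from any endpoint product, that turns a few endpoint agent log lines into alerts and a trend summary. The log format (a timestamp followed by space-separated key=value fields), the event names, the host and user names and the sample lines themselves are all constructed for the example.

```python
"""Alerts and trend summary over endpoint anti-malware log lines (added
example; not from the article or any product).  The log format, event names,
hosts, users and sample lines are constructed for illustration.
"""
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample log, as an endpoint agent might write it.
SAMPLE_LOG = """\
2011-05-02T08:14:03 host=wks-017 user=alice event=MALWARE_DETECTED source=email object=invoice.pdf.exe threat=Trojan.Generic action=quarantined
2011-05-02T09:02:11 host=wks-023 user=bob event=SCAN_COMPLETED source=scheduled objects=184322 threats=0
2011-05-02T09:30:45 host=wks-017 user=alice event=MALWARE_DETECTED source=usb object=setup.exe threat=Worm.Autorun action=removed
2011-05-03T10:11:09 host=wks-017 user=alice event=MALWARE_DETECTED source=email object=report.zip threat=Downloader.Agent action=quarantined
2011-05-03T11:00:00 host=wks-040 user=carol event=SIGNATURE_UPDATE_FAILED source=updater error=timeout
2011-05-03T12:45:30 host=wks-023 user=bob event=MALWARE_DETECTED source=web object=flash_update.exe threat=FakeAV action=blocked
"""

# Event types that should produce an alert, and who should receive it.
ALERT_RULES: Dict[str, Tuple[str, str]] = {
    "MALWARE_DETECTED": ("user+admin", "malicious content on endpoint"),
    "SIGNATURE_UPDATE_FAILED": ("admin", "endpoint protection is out of date"),
}


def parse_line(line: str) -> Dict[str, str]:
    """Turn 'TIMESTAMP k=v k=v ...' into a dict.  A token without '=' is kept
    under 'raw' so a malformed field is visible rather than silently dropped."""
    parts = line.split()
    event = {"ts": parts[0]}
    for token in parts[1:]:
        if "=" in token:
            key, value = token.split("=", 1)
            event[key] = value
        else:
            event["raw"] = token
    return event


def parse_log(text: str) -> List[Dict[str, str]]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def alerts(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """One alert per event matching ALERT_RULES.  Email-borne detections are
    rated high because the lure got past the anti-spam and anti-phishing
    layers and reached a user's inbox."""
    out = []
    for e in events:
        rule = ALERT_RULES.get(e.get("event", ""))
        if rule is None:
            continue
        recipients, summary = rule
        severity = "high" if e.get("source") == "email" else "medium"
        detail = e.get("threat") or e.get("error", "n/a")
        out.append({"ts": e["ts"], "host": e.get("host", "?"), "severity": severity,
                    "to": recipients, "summary": f"{summary}: {detail}"})
    return out


def trends(events: List[Dict[str, str]], repeat_threshold: int = 2) -> Dict[str, object]:
    """Detections per host and per infection source, plus hosts with repeated
    detections, which usually deserve a root-cause look rather than another
    clean-up."""
    detections = [e for e in events if e.get("event") == "MALWARE_DETECTED"]
    per_host = Counter(e.get("host", "?") for e in detections)
    per_source = Counter(e.get("source", "unknown") for e in detections)
    repeat = sorted(h for h, n in per_host.items() if n >= repeat_threshold)
    return {"per_host": dict(per_host), "per_source": dict(per_source),
            "repeat_offenders": repeat}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for a in alerts(evts):
        print(a)
    print(trends(evts))
```

On the constructed sample this raises five alerts (four detections, one failed signature update) and reports wks-017 as a repeat offender with three detections, two of them from email, which is the kind of pattern the article has in mind when it says logs are useful for understanding trends as well as for investigating a single breach.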

A common management consideration is cost. There may be cost advantages to procuring suites of security software that include anti-malware, anti-spam, anti-phishing, firewalls, and endpoint encryption in a single package. These controls may also be available through security as a service from vendors. This delivery mechanism avoids the need to install and maintain security software on site.

Summary

Endpoints of all types must be protected against common malware, phishing, and data loss threats. When evaluating solutions, be sure to consider options with a comprehensive set of security controls and consider security as a service options as well. Also keep in mind the management requirements as well as technical requirements when assessing the best way to protect your business from malware, spam, phishing, and data loss.
